Create a Private Encrypted Folder On Ubuntu Hardy With eCryptfs

eCryptfs is an encryption application for Linux that you can use to encrypt your files and folders and prevent others from viewing them. eCryptfs does not require its own partition. You can easily create an encrypted private directory in your Home folder that shrinks or grows in size according to the files you add to it. Whatever files you place in the private directory will be encrypted and safe from prying eyes.

In Ubuntu Ibex, the eCryptfs package was included in the Ubuntu main repository to support the use of a secret encrypted folder in the Home folder. To get it working in Ubuntu Hardy, you will have to follow the steps below:

First, install the eCryptfs package:

sudo apt-get install ecryptfs-utils

Create your own secret folder in your Home folder:

mkdir ~/secret

Mount eCryptfs on the secret folder:

sudo mount -t ecryptfs ~/secret ~/secret

It will then prompt you to answer a few questions.

1) Selecting your key type for newly created files

Press “1” to select passphrase.

You will be asked to enter and verify your passphrase.

2) Selecting your encryption cipher

The default option is shown in the [ ]. If you are not sure of what to select, simply press Enter to select the default.

3) Select key byte

4) Enable plaintext passthrough

If you want to use unencrypted files inside your secret folder, then select ‘Y’. If not, type ‘N’.

Now, open Nautilus (Places->Home Folder). You should see a secret drive mounted in the filesystem.

Testing out your secret folder encryption

Add some files to the secret folder.

Unmount it:

sudo umount ~/secret

Access the secret folder again and open any of the files that you have just added. You should not be able to open and view the file content. That’s good. All your files are now encrypted.
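
The same mounted/unmounted check can be scripted. The following is an added example, not part of the original article: it reads a table in /proc/mounts format and reports whether a directory is an active eCryptfs mount point, matching the path exactly. The function names and the sample table are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Reports whether a directory is
# currently the mount point of an eCryptfs filesystem, using /proc/mounts format:
#   device mountpoint fstype options dump pass

# ecryptfs_mounted DIR [TABLE]: exit 0 if DIR is an active ecryptfs mount point.
ecryptfs_mounted() {
    target=${1%/}                      # tolerate a trailing slash
    table=${2:-/proc/mounts}
    while read -r _dev mnt fstype _rest; do
        [ "$fstype" = ecryptfs ] || continue
        # The kernel writes spaces and similar bytes as octal escapes (\040);
        # turn "\ooo" into "\0ooo" so printf %b decodes it.
        mnt=$(printf '%b' "$(printf '%s' "$mnt" | sed 's/\\/\\0/g')")
        if [ "$mnt" = "$target" ]; then
            return 0
        fi
    done < "$table"
    return 1
}

# secret_status DIR [TABLE]: print a one-word state for scripts or a logout hook.
secret_status() {
    if ecryptfs_mounted "$@"; then
        echo mounted      # cleartext is readable through DIR right now
    else
        echo unmounted    # DIR shows only the encrypted lower files
    fi
}

# Constructed sample table (not captured from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/dev/sdb1 /media/secret-usb vfat rw 0 0
/home/alice/secret /home/alice/secret ecryptfs rw,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
/home/bob/my\040secret /home/bob/my\040secret ecryptfs rw,ecryptfs_cipher=aes 0 0
EOF
}
```

On a real system, call `secret_status "$HOME/secret"` with no second argument to read the live /proc/mounts.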

Creating a launcher

Having a launcher on your desktop allows you to mount the secret folder easily.

The next time you want to mount your secret folder, simply click on this launcher. It will pop up a terminal and ask you for your passphrase. Once that is verified, the secret folder will be mounted in the Home folder.

Is the encrypted folder unmounted automatically when I log out of Ubuntu? I know that both mounting and unmounting are automatic in the upcoming Ubuntu version 9.04. If not, can other users still access my secret files? How can I avoid that? helai

@helai: Yes, the encrypted folder will be unmounted automatically when you log out. However, even after you unmount the folder, other users will still be able to see the secret folder and the files inside. It's just that when they open the files, they will see rubbish (encrypted text).

But I checked the Tombuntu web site, and it doesn’t say this. He says he created an unmount launcher, similar to the mount one, to unmount the encrypted folder before he logs out of the OS. It seems we need to unmount this folder to prevent other users from viewing my files if I forget it; is that right or not? Maybe you can help me run a test to check it. Thanks, helai

It seems a joke; when I start to try it, it shows me:

lenovo@ubuntu:~$ uname -r
2.6.24-21-generic

lenovo@ubuntu:~$ sudo mount -t ecryptfs ~/Private ~/Private

Unable to get the version number of the kernel module. Please make sure that you have the eCryptfs kernel module loaded, you have sysfs mounted, and the sysfs mount point is in /etc/mtab. This is necessary so that the mount helper knows which kernel options are supported.

Make sure that your system is set up to auto-load your filesystem kernel module on mount.

Unable to get the version number of the kernel module. Please make sure that you have the eCryptfs kernel module loaded, you have sysfs mounted, and the sysfs mount point is in /etc/mtab. This is necessary so that the mount helper knows which kernel options are supported.

Make sure that your system is set up to auto-load your filesystem kernel module on mount.

About this message: Unable to get the version number of the kernel module. Please make sure that you have the eCryptfs kernel module loaded, you have sysfs mounted, and the sysfs mount point is in /etc/mtab. This is necessary so that the mount helper knows which kernel options are supported.

Make sure that your system is set up to auto-load your filesystem kernel module on mount.

Here’s a batch file I use so I can hit one button to either mount or unmount:

#!/bin/bash
if mount | grep secret
then
    # Replace the USER with your own username
    sudo umount /home/USER/secret
else
    # Replace the USER with your own username
    sudo mount -t ecryptfs /home/USER/secret /home/USER/secret -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n
fi